Hi I am have a single image upload script it works when add the action into a different file but when I try to add the whole script in a single file the php doesnt run?

<form action="<?php echo $_SERVER["PHP_SELF"] ?>" method="post" enctype="multipart/form-data">
<p>
<label for="file">Select a file:</label>
<input type="file" name="userfile" id="file"> <br />
<input type="submit" value="upload">
<p>
</form>
<?php
if (isset ($_POST["submit"])) {
// Configuration - Your Options
$allowed_filetypes = array('.jpg','.gif','.bmp','.png'); // These will be the types of file that will pass the validation.
$max_filesize = 524288; // Maximum filesize in BYTES (currently 0.5MB).
$upload_path = './images/'; // The place the files will be uploaded to (currently a 'files' directory).
$filename = $_FILES["userfile"]["name"]; // Get the name of the file (including file extension).
$ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); // Get the extension from the filename.
// Check if the filetype is allowed, if not DIE and inform the user.
if(!in_array($ext,$allowed_filetypes))
die('The file you attempted to upload is not allowed.');
// Now check the filesize, if it is too large then DIE and inform the user.
if(filesize($_FILES["userfile"]["tmp_name"]) > $max_filesize)
die('The file you attempted to upload is too large.');
// Check if we can upload to the specified path, if not DIE and inform the user.
if(!is_writable($upload_path))
die('You cannot upload to the specified directory, please CHMOD it to 777.');
$filename = time().$ext; // this will give the file current time so avoid files having the same name
// Upload the file to your specified path.
if(move_uploaded_file($_FILES["userfile"]["tmp_name"],$upload_path . $filename))
echo time(). ' Your file upload was successful, view the file <a href="' . $upload_path . $filename . '" title="Your File">here</a>'; // It worked.
else
echo 'There was an error during the file upload. Please try again.'; // It failed :(.
}
?>

tpunt
—
2012-12-05T20:43:56Z —
#2

Did you modify the PHP code when you merged the two scripts together? Because if you separated both HTML and PHP code, then this script will not run. You must have added in the checking of the form submission (with the IF statement); and it is because of this as to why the PHP isn't being executing. This is due to the fact that you have not named the submit button, so the HTTP POST method is not passing on any information to PHPs $POST associative array; making a check for any value in $POST nugatory. Add a name to your submit button so that the $_POST array has a key to identify whether the form has been submitted or not (using isset) and it will function:

<input type="submit" name="submit" value="upload">

parkerj
—
2012-12-06T00:52:09Z —
#3

On top of what @modernW stated, I want to encourage you to put your PHP code before your html form and using PHP_SELF in forms is a security risk.

macaela
—
2012-12-06T01:53:39Z —
#4

Thanks alot guys followed all your advises and its working fine, do you guys think the validation is safe enough or at least average safe to avoid, if not any other tips are welcome.

once again thanks alot

parkerj
—
2012-12-06T02:09:38Z —
#5

@macaela, I think your validations are fine. However, you might want to consider making your error messages a little more informative. For instance, if the user tries to upload a file that is larger than the size you specify, to your error message you might want to convey to the user what is the acceptable size:

if(filesize($_FILES["userfile"]["tmp_name"]) > $max_filesize)
die('The file you attempted to upload is too large. It should not be greater than ' . $max_filesize . '.');

Otherwise, you are good to go.

macaela
—
2012-12-06T10:01:15Z —
#6

Thanks will do

macaela
—
2012-12-06T11:07:23Z —
#7

@ parkerj I tried to add the form above the php script but the problem is that when validate it no longer shows the form just the error message even thou it shows on the same page. is there a fix or should I just keep the form below the script.

parkerj
—
2012-12-06T12:03:33Z —
#8

If I understand you correctly, instead of die(); do something like this:

$message = 'The file you attempted to upload is too large. It should not be greater than ' . $max_filesize . '.';

Then just above your form add:

<?php echo $message; ?>

If an error occurs, then that message will appear above the form. You can use the $message variable for all of your errors instead of die().

macaela
—
2012-12-06T12:09:58Z —
#9

Hi if I do that and add the<?php echo $message; ?>I get the classic undefined

Hi shows two problem one $message not setNotice: Undefined variable: message in C:\xampp\htdocs\eusa\upload\index.php on line 62and second one is when validate it show all three error message when should just show one

hi ok it seems like the only problems is the variable $message when i try to echo is sayNotice: Undefined variable: message in C:\xampp\htdocs\eusa\upload\index.php on line 60How can I define if is set right at teh bottom of the script?

parkerj
—
2012-12-06T15:26:30Z —
#14

Sorry, I can't help with that. In Linux it works great; I am not a Windows expert, so I can't give direction on how to fix it for Windows. It may need to be converted to an array, but I can't be sure.

macaela
—
2012-12-06T15:32:15Z —
#15

Does on linux if first validation fails doesnt run second one? like

if(!$fileType) :
$message = '<br />The file you attempted to upload is not allowed.';
endif;
// dont run this one if above fails at moment it runs if to validation fails, I cant die or use exit because I still want to show the form when fails
// Now check the filesize, if it is too large then DIE and inform the user.
if($size > $max_filesize) :
$message = 'The file you attempted to upload is too large.';
endif;

macaela
—
2012-12-06T15:56:46Z —
#16

SolvedI had to define the variable message as empty like this$message = "";before theif (isset ($_POST["submit"]))is is there but without any value thanks alot guys